CompTIA A+ 220-1101
Laptop Hardware:
- Batteries: lithium-ion (Li-ion) & lithium-ion polymer (LiPo)
- modular or non-modular
- Keyboard:
- fn keys allow more functions on small keyboards
- Memory: SO-DIMM (Small Outline Dual In-Line Memmory Module)
sometimes soldered onto motherboard (non-modular) but usually easy to replace
- Storage: 2.5 inch magnetic disk HDD (Hard Disk Drive), 2.5 inch SSD (Solid State Drive) or M.2
- SSD much faster than magnetic disk, silent, no moving parts
- SSD uses same interface as magnetic disk (plugs in with SATA power and data cables), can replace easily
- M.2 is small and does not use SATA power or data connectors, plugs straight into motherboard
* Desktops can have 3.5 inch magnetic disks
- cloning drives with software or drive-to-drive image (2 drives plugged in at once)
- 802.11 WI-FI & Bluetooth:
- 802.11 is a standard created by IEEE () declaring the range of frequencies to be used for WI-FI & Bluetooth
- LAN (Local Area Network): interconnects computers within a limited area
- PAN (Personal Area Network): Bluetooth
- WWAN (Wireless Wide Area Network): Cellular network (3G, LTE, etc...)
- usually soldered onto motherboard but sometimes come as PCI or PCI-E cards
- NFC, Biometrics
- Displays:
- LCD: Liquid Crystal Display - shines light through liquid crystals
- light, low power, inexpensive
- no true black, requires separate backlight
- 3 Types of LCD:
- TN (Twisted Nematic): fast response (gaming), poor viewing angles
- IPS (In-Plane Switching): best color representation, more expensive than TN
- VA (Vertical Alignment): better color than TN, slower than TN
- 2 Types of Backlighting:
- LED (Light Emitting Diode): LEDs in a matrix/grid/array behind LCD
- CCFL (Cold Cathode Fluorescent Lamp): require inverter to change DC to AC current, heavier, old tech
* if display is not working, shine light to it and see if anything shows on screen. If so, the backlight is the problem. If CCFL, may just be the inverter.
- OLED (Organic Light Emitting Diode): organic compound emits light when receiving current
- no backlight, thin, light
- Digitizer: converts analog signal from stylus input to digital signal
- touchscreen digitizer takes input from finger as well as stylus
- Wi-Fi antenna usually located in display case at top
Cellular Standards:
- 2G:
- GSM: Global System for Mobile Communication
- 90% of market, uses SIM (Subscriber Identity Module), worldwide coverage, allows multiplexing (multiple people speaking at once)
- CDMA: Code Division Multiple Access
- individual codes to distinguish who you speak with, not popular ouside of US
- 3G: faster than 2G, GPS, video on demand
- 4G: merged GSM & CDMA into EDGE (Enhanced Data Rates for GSM Evolution)
- LTE: Long Term Evolution - uses EDGE
- LTE-A: Advanced - faster than LTE
- 5G: Fast, 10Gb/s, allows IoT easier, cloud
* PRL (Preferred Roaming List): CDMA networks, allow phone to update OTA (Over the Air)
* Hotspot converts cell network to 802.11 for devices to access internet
Internet Protocol (IP):
- each device has an IP address
- parts of IP: ehternet header - ethernet payload - ethernet trailer
- payload has IP header and IP payload
- IP payload can have UDP/TCP header and UDP/TCP payload
- UDP/TCP payload can have HTTP data, VOIP data, etc...
- TCP & UDP: encapsulated in IP
- Both part of OSI layer 4 (transport layer)
- ALLOW MULTIPLEXING!!! The whole purpose of TCP & UDP is to send/receive info from and to multiple apps/servers at the same time.
- This is how you are able to run youtube while also browsing the net simultaneously.
- TCP & UDP have port numbers which are just logical identifiers for each task you're doing.
- TCP 443 is HTTPS for example.
- TCP: Transmission Control Protocol
- connection oriented protocol:
- reliable delivery: can manage out of order messages and resend any missing data.
- flow control: receiver can manage how much data is sent
- client and server acknowledge eachother before sending
- client acknowledges every piece of data
- used in HTTPS, SSH
- UDP: User Datagram Protocol
- connectionless protocol: no formal open or close to connect
- unreliable, no acknowledgement or flow control
- used in DHCP, real-time communication, TFTP
- IPv4 (version 4):
- server IP address, TCP/UDP protocol, server application port number
- client IP address, TCP/UDP protocol, client port number
- ephemeral ports: temporary to communicate with server, usually between 1024-65535, determined in real time by client randomly
- non-ephemeral ports: permanent, 0-1023 usually on a server/service
- example of IP packet:
- IP header (source IP address & Destination IP Address) ;
- IP Payload -> TCP/UDP port number client is sending request from + TCP/UDP port number of server/service & data to be sent (HTTP data for example)
- TCP/UDP port number client is sending request from is an ephemeral port determined in real time by client randomly
Port Numbers:
- FTP (File Transfer Protocol): tcp/20 (active mode data) & tcp/21 (control)
- tcp/20 carries data accross
- tcp/21 controls data transfer
- FTP server allows to add, delete, edit, etc... files
- SSH (Secure SHell): tcp/22
- encripted terminal communication
- Telnet: tcp/23
- unencripted, same service as SSH
- SMTP (Simple Mail Transfer Protocol): tcp/25
- sending mail to servers
- POP3 (Post Office Protocol v3): tcp/110
- basic, no sync, deletes on server after viewed and downloaded locally
- IMAP (Internet Message Access Protocol v4): tcp/143
- allows sync
- DNS (Domain Name System): udp/53
- resolves IP address from domain name
- DHCP (Dynamic Host Configuration Protocol): udp/67 & udp/68
- requires DHCP server, usually built into routers
- assigns IPs on a lease to devices that connect to network
- can have DHCP reservations so that certain devices always have same IP address (identified by MAC address)
- HTTP (Hypertext Transfer Protocol): tcp/80
- unenctripted, website info
- HTTPS (Secure): tcp/443
- SMB (Server Message Block): tcp/445
- file sharing, printer sharing
- AKA CIFS (Common Internet File System)
- NetBIOS: udp/137 & tcp/139
- older version of SMB
- udp/137 (name services) finds services by name
- tcp/139 (session services) sets up session and transfers data between devices
- SNMP (Simple Network Management Protocol): udp/161 & udp/162
- udp/161 for queries about network
- udp/162 for Traps (set up monitoring, if somthing is exceeded, SNMP will alert you)
- v1 & v2 was in the clear, v3 is encrypted
- LDAP (Lightweight Directory Access Protocol): tcp/389
- store & retreive info in a network directory
- commonly used in Microsoft Active Directory
- RDP (Remote Desktop Protocol): tcp/3389
- control computers remotely
Network Devices:
- Router: routes traffic between IP subnets
- uses IP address to determine where to send
- layer 3
- can connect LAN, WAN, copper, fiber in one device
- Swtich:
- uses MAC (Media Access Control) address to determine where to send
- ASIC (Application Specific Integrated Circuit) sometimes in switches
- may provide PoE (Power over Ethernet)
- if switch includes routing functions, it is a layer 3 switch / multilayer switch
- unmanaged switch: no configuration, no VLANs
- managed switch:
- monitoring, configuring, VLANs (Virtual LAN) to separate spaces
- traffic prioritization (maybe VOIP is more important than other packets)
- redundancy support with STP (Spanning Tree Protocol)
- port mirroring: coppy data on one port to another for analysis
- allows external management with SNMP
- Wireless Access Point (WAP):
- just a bridge, no routing functionality, only extends network range
- makes forwarding decisions based on MAC address
- Patch Panel:
- work stations are labelled on patch panel, punched-down permanently but on front the connections are patched with ethernet cables to wherever needed very easily
- Firewall:
- layer 4 / layer 7 if understands application interface
- encrypts traffic, proxy, disallow traffic, some can be used as routers
- PoE: ethernet cable provides power and data, provided by switch
- built-in PoE function on switch: Endspans
- In-line power injector: Midspans (something in middle that injects power)
- IEEE 802.3 af, at, bt
- Hub: multi-port repeater
- half duplex
- copies data from one port to all
- Cable modem: use same cable as TV
- broadband: transmission accross multiple frequencies
- DOCSIS (Data Over Cable Service Interface Specification)
- 1Gb/s
- DSL (Digital Subscriber Line)
- normally ADSL (Asymmetric): download faster than upload
- ONT (Optical Network Terminal):
- allows fiber connection to house, usually outside
- demarcation point (demarc): connect ISP fiber to copper network
- NIC (Network Interface Card):
- all devices that connect to networks need a NIC to connect
Software Defined Networking (SDN)
- takes all things that physical network devices do any makes them possible by solely software
- Infrastructure layer / Data plane
- process network packets
- forwarding, encrypting
- Control layer / Control plane
- manage actions of data plane
- routing tables, session tables, dynamic routing protocol updates
- Application layer / management plane
- configure and manage device
- SSH, browser, API, SNMP
802.11
- 802.11a: 1999, 5GHz
- 802.11b: 2.4GHz (slower but more range)
- 802.11g: back compatible to b, faster 2.4
- 802.11n Wi-Fi 4: 2.5 or 5GHz
- MIMO (Multiple Input Multiple Output)
- 802.11ac Wi-Fi 5: 5Ghz
- signaling modulation
- MU-MIMO (Multi User MIMO)
- 802.11ax Wi-Fi 6: 2.4 or 5Ghz
- 1.2Gb/s
- OFDMA (Orthogonal Frequency Division Multiple Access)
* 2.4 GHz can be interrupted by microwaves and other signals
* if using 802.11ac in 2.4Ghz, it's actually just 802.11n
* long tange fixed wireless network: need an antenna that points from one building to another to connect the two
* 2.4GHz only has 3 channels, 5GHz has many times more
IPv4 & IPv6
- IPv4: 4 octets (4 x 8 bits each = 32 total) separated by a dot in binary translated into base 10 as 192.168.0.1 for example. Each of those numbers are represented in 8 bits.
- subnet mask:
- ex: 255.255.255.0
- used by local device to determine what subnet it's on
- default gateway: the router that allows you to communicate with networks ouside your local subnet
- ex: 192.168.1.1
- must be an IP inside your local subnet
- IPv6: 128 bit total, 8 x 16 bits with each separated by a colon
- first 64 bits = network address
- last 64 bits = host address
Assigning IP Addresses
- DHCP:
- used to be called BOOTP
- assigns IP, subnet mask, default gateway, etc...
- DORA: four step process
- Discover: find a DHCP server
- Offer: get an offer
- Request: lock in the offer
- Acknowledge: DHCP server confirmation
- DHCP reservation: always gives a device with a certain MAC address the same IP
- APIPA (Automatic Private IP Address): when no DHCP server can be found
- cannot communicate outside local network
- 169.254.0.0 - 169.254.255.255
- your own device will assign this if can't find DHCP server
- no default gateway
- mannually assign static IP without DHCP
DNS:
- DNS is hierarchical
- dig command shows all records held on DNS server
- nslookup command can do similar things as dig but more syntax
- Resource records (RR): IPs, certificates, etc...
- A or AAAA record: defines the IP address for a host
- A for IPv4, AAAA for IPv6
- TTL (Time To Live): DNS will cache the info requested for as long as the TTL is set
- makes it easier to re-access info
- MX (Mail exchanger record)
- TXT record: used for verification, email security
- SPF (Sender Policy Framework): list of all servers authorized to send emails from a domain
- DKIM (Domain Keys Identified Mail): digitally sign a domain's outgoing mail
- DMARC (Domain-based Message Authentication, Reporting, and Conformance):
- prevent unauthorized email use (spoofing)
DHCP Configuration
- DHCP pools: groups of addresses for different subnets
- SOHO DHCP: home router config through web portal
- DHCP lease, allocation, reallocation
- lease time:
- T1 timer: computer checks in with DHCP server after 50% of lease time elapses in order to renew lease (renewal period)
- T2 timer: if original DHCP server is down, computer checks in with differnt DHCP server after 87.5% of lease time (rebinding period) in order to renew IP address
VLAN & VPN
- VLAN: instead of buying two separate switches to make two separate networks, use logical separation instead of physical
- VPN (Virtual Private Network): encrypted data over internet
- Concentrator: your connection goes to a concentrator (physical device that encrypts), usually integrated with firewall
Internet Connection Types
- satellite: non-terrestrial communication, 50Mb/s, slow, 2GHz, weather affects it
- fiber: fast, long range, expensive
- cable broadband: copper wire, transmit video, voice and data over same cable, 1Gb/s+
- DSL: telephone lines, 200Mb/s, short range
- Cellular networks: Antennas
- WISP (Wireless Internet Service Provider): need outdoor antenna, used in rural areas
Network Types:
- LAN: Local Area Network, 802.11
- WAN: Wide Area Network, connects LANs
- PAN: Personal Area Network, bluetooth/IR/NFC
- MAN: Metropolitan Area Network, usually in same city (companies/gov)
- SAN: Storage Area Network
- WLAN: Wireless LAN
- WWAN: Wireless WAN, AKA Cellular network
Network Tools:
- Cable crimpers: pinch connector onto wire
- Wifi analyzer: software or purpose built hardware, allows to see interference
- Tone generator / Toner probe: generator on one end of wire, probe on same wire at other side will make a sound
- Punch-down tool: fasten and cut excess wire to a block
- Cable tester: makes sure if each pin in a wire is connected to correct pin on other side (ex: pin1-pin1)
- Loopback plug/cable: connects device to itself for analyzing packets and transfer of data
- cross over cable: connects one device to another directly
- taps and port mirrors: tap intercepts network traffic, port mirror is software based tap, also called SPAN (Switched Port Analyzer)
- man in the middle
Network Cables:
- twisted pair copper ethernet cable
- 4 pairs (8 total) wires: blue/blue-white, green/green-white, orange/orange-white, brown/brown-white
- twist keeps interference away, opposite signals in each pair are compared at other end
- 1000BASE-T: CAT5 & CAT5e (enhanced) - 100 meters
- 10GBASE-T: CAT6 & CAT6A (augmented) - 100 meters
- coaxial cable: RG-6 wire conductor with insulator over and metal shielding, plastic jacket on top
- plenum: shared space with wires and air return in ceiling
- plenum rated cable: safe in case of fire in plenum space, low smoke PVC jacket as opposed to FEP normally used
- PVC jacket is less flexible
- UTP (Unshielded Twisted Pair): ethernet cable without metal shielding around each of the twisted pairs, or around the whole cable
- STP (Shielded Twists Pair): metal shielding around whole cable, individual pairs or both, usually have grounding wire too
- abbreviations: U = unshileded, S = braided shielding (around each pair), F = Foil Shielding (around whole cable)
- ex: F/UTP = foil around whole cable, S/FTP = shield around each pair and whole cable
- direct burial STP: burried underground, has waterproof gel
- Fiber:
- no RF signal, no interference, long range
- led on one side transmitted to other side, cladding reflects all the way through
- multimode: short range (2km), cheap led
- singlemode: long range (100km), laser light
TIA-568 Standard:
- also ISO/IEC 11801 standard used in other parts of world
- ANSI/TIA-568 defines twisted pair coloring standards and more
- two standards: T568-A & T568-B (8P8C - 8 pin 8 connector)
- T568-B is more common
* look at picture of differences in colour
Peripheral Cables:
- USB (Universal Serial Bus):
- USB-C: replaces all USB connectors, used for multi purpose
* know shapes of each type of USB
* check screenshot for USB standards
- Thunderbolt:
- can transmit power and data
- based on mini display port
- 10-40Gb/s
- fiber or copper
- daisy chain up to 6 devices
- Serial console cables:
- D-sub connectors
- RS-232
- used for switches, mice, keyboard, etc...
Video Cables:
- VGA (Video Graphics Array):
- DB-15 (technically DE-15)
- 15 pin
- video only
- 5-10 meters
- HDMI (High Definition Multimedia Interface):
- video and audio
- 20 meters
- 19 pin
- DisplayPort:
- digital audio and video
- passive addapter with HDMI (compatible)
- DVI (Digital Visual Interface):
- DVI-A: Analog
- DVI-D: Digital
- DVI-I: Integrated (digital and analog)
- DVI-D & DVI-I both have two versions:
- single link: 3.7Gb/s, 60fps
- dual link: 7.4Gb/s, 85fps
- dual link has more pins
* check image for differences in cables
SATA (Serial AT Attachment):
- SATA 1.0-3.2: 1.5Gb/s-->16Gb/s, 1 meter
- eSata (external): 2 meters
- 7 pin connector for data transfer
- 15 pin connector for power
- SATA has L shape, eSATA has a straight connector
- SCSI (Small Computer System Interface):
- used before SATA
- ribbon cable
- still used in virtual networks & some physical networks
- daisy chain up to 16 devices
- parallel and series options
- different types: fast, ultra, ultra wide, ultra3, ultra 320, ultra640, iSCSI (SCSI over IP)
- LUN (Logical UNit): each SCSI device is assigned a separate ID number starting at 0
- SCSI terminator: close off the chain
- SAS (Serial Attached): newer, don't require terminators or settings
- no more daisy chain
- PATA (Parallel AT Attachment):
- old tech
- used to be called IDE (Integrated Drive Electronics)
- ribbon cable
- 40 & 80 wire cables
- 80 wire cable reduces crosstalk
- Adapters & Converters:
- converting requires an active process that changes the data transmitted
- converting digital to analog or visa-versa
- adapters are passive, just connect the correct pins
- analog to analog or digital to digital
- USB hub can convert and adapt multiple connectors to your USB port on your computer
- Copper Connectors:
- RJ-11: (6P2C) 6 position 2 conductor
- telephone or DSL
- RJ-45: (8P8C)
- ethernet
- F-connector: single copper wire
- cable TV or DOCSIS
- Punchdown block: wire to wire connections
- USB: USB-C is 24 pin, double sided
- Molex: 12V and 5V power, 4 pin
- Lightning: 8 pin, high power output
- DB-9: used for RS-232, modem, printer, router, switch communications
- Fiber Connectors:
- LC (Local Connector), ST (Straight Tip), SC (SubsCriber)
* check picture for differences
Memory:
- RAM (Random Access Memory):
- volatile memory: always needs power to refresh
- if power turned off, RAM resets
- not storage space
- DIMM (Dual Inline Memory Module):
- both sides of DIMM has memory chips
- 64 bit data width
- SO-DIMM (Small Outline):
- used in laptops, about half size of DIMM
- SDRAM (Synchronronous Dynamic RAM):
- sync with system clock queue one process while waiting for another
- SDR (Single Data Rate): transfer one piece of data per clock cycle
- DDR (Dual Data Rate): transfer 2 pieces of data per clock cycle
- DDR3: twice data rate of DDR2, max 16GB per DIMM
- DDR4: max 64GB per DIMM, faster
- DDR5: max 64GB per DIMM, faster
* each itteration is not compatible, cannot swap DDR3 RAM for DDR4, different layout for slots
- virtual memory: AKA virtual RAM or Swap file
- use part of SSD or HDD as if it were RAM
- much slower than DIMMs
- multi-channel memory: spreads work over each of the colour matching RAM slots
- parity memory: identify errors in memory
- a parity bit is added to the end of data to make every line of data even
- if some data has an odd number of 1s, we know there was an error
- parity bit is 0 if data has an even amount of 1s
- parity bit is 1 if data has an odd amount of 1s
- ECC (Error Correcting Code) memory: detects errors and corrects memory
Storage Devices:
- HDD (Hard Disk Drive):
- non-volatile magnetic storage
- non-volatile means power is not needed to keep data on device
- rapidly rotating platters
- random access: not like a tape, no fast forward, go direct to info wanted
- many moving parts
- speeds: 5400rpm, 7200rpm, 10000rpm, 15000rpm
- SSD:
- non-volatile, fast, 2.5inch, no moving parts
- m-SATA (mini SATA) interface:
- smaller than SATA connector (7 data pin connector & 15 power pin connector)
- used on SATA drives that were smaller than 2.5inch
- quickly replaced by M.2, no use for m-SATA
- AHCI (Advanced Host Controller Interface):
- SATA uses this to transfer data from drive into RAM
- This interface became a bottleneck for SSDs, they are faster than the interface allows to transfer
- (SATA 3 allowed 600Mb/s but SSDs were faster)
- this is why NVME was created
- NVME (Non Volatile Memory Express)
- matches SSD speeds
- totally different interface/connection from AHCI/SATA
- uses the M.2 interface
- single connection to motherboard
- can use PCI-e bus
- 4GB/s (now a lot higher)
- must be compatible with slot key/spacer
- B key, M key, or both
- Flash memory:
- EEPROM (Electrically Erasable Programmable Read Only Memory):
- non volatile
- limited number of writes
- USB, SD, micro SD, CF
- Optical drive:
- small bumps with laser beam, microscopic binary
- slow but very good for storage
RAID (Redundant Array of Independant Disks):
- not a method of backup
- RAID 0: striping
- split all data equally between 2 drives
- high performance
- no redundancy
- RAID 1: mirroring
- douplicate data from one drive onto another
- use lots of storage
- high redundancy
- RAID 5: striping with parity
- striping data accross 4 drives with parity data striped in as well
- efficient use of disk space
- high redundancy
- RAID 10: 1+0 a stripe of mirrors
- ex: stripe across 3 drives and mirror those on another 3 drives
- at least 4 drives required
- high redundancy
Motherboard Form Factors:
- ATX (Advanced Technology eXtended):
- 20 or 24 pin connector for power, different CPU power connector
- Micro-ATX: smaller
- MINI-ITX:
- screw holes line up with ATX, can install in an ATX case too
Motherboard Expansion Slots:
- PCI (Peripheral Component Interconnect):
- 32 bit & 64 bit bus width
- parallel communication
- OLD
- PCIe (express):
- replaces PCI
- Serial connection
- unidirectional lanes (instead of bus)
- more lanes = faster --> ex: PCIe x4 has 4 lanes
- x1,x2,x4,x8,x16 or x32 full duplex lanes
- x1 has one unidirectional lane for input and one for output
- usually micro-ATX boards have more x1 lanes than the full size PCIe slots to save space
Motherboard Connectors:
- 24 pin motherboard power: +3.3V, +/-5V, +/-12V
- used to be 20 pin
- extra 4 pins for PCIe, required more power
- 24 pin fits in a 20 pin connector, the 4 extra are modular
- 4 pin ATX connector: +12V
- CPU connector and other misc
- SATA
- eSATA expansion card
- pin headers: buttons on computer case, USB on case, LEDs on case, etc...
- M.2 connector
Motherboard Compatibility:
- AMD & Intel have different sockets, motherboards are specific to CPU
- servers can have multisockets (multiple CPUs)
- laptop motherboards are proprietary and different shapes for each model
BIOS (Basic Input Output System):
- firmware, stored on ROM/flash memory
- initializes CPU & memory
- POST (Power On Self Test): checks if there is memory, video, CPU and input
- start bootloader
- UEFI (Unified Extensible Firmware Interface):
- replaced BIOS
- graphical, allows updates easily, can install drivers
- Hyper-V in Windows to access features in BIOS
- launch BIOS with certain keys on startup
- fast startup on windows doesn't turn off computer, can't access BIOS
- dissable by holding down shift when restarting or in msconfig, or interupt reboot 3 times
- boot options: boot order to choose which drive to boot
- can disable USBs for security
- modify fan speed
- overclock
- secure boot: protect BIOS/UEFI
- checks OS bootloader's digital signature
- adding password and supervisory password to BIOS
- with a BIOS password, system won't start without it
- with a supervisory password, nobody can edit the BIOS without it
- can reset BIOS to reset these passwords and everything on BIOS with a jumper
- CLRTC (Clear Real Time Clock)
- CMOS (Complementary Metal Oxide Semiconductor):
- only keeps date and time, removing will not reset BIOS
- TPM (Trusted Platform Module):
- physical hardware can be added to motherboard for encryption functions
- has a processor & persistent memory
- HSM (Hardware Security Module):
- high end cryptographic hardware
- can be a plug in card as well
- all cryptographic keys stored here
- YubiKey is an example
CPU architectures & features:
- 32 bit: can store 2^32 values --> 4GB
- x86
- cannot run 64 bit programs
- 64 bit: can store 2^64 values --> 17 Billion GB
- x64
- OS limits the acutal amount you can store
- ARM (Advanced RISK Machine):
- simple instruction set, less power, less heat
- cores have CPUs with caches
- hyperthreading/multithreading: one CPU core operates as multiple
- virtualization support: Intel VT, AMD-V
Expansion Cards:
- hardware added to expansion slot on motherboard
- sound card: allows output, recording, multiple inputs
- video card: discrete as opposed to integrated into CPU
- capture card: video input, live streaming, capturing console games
- NIC (Network Interface Card): has ethernet port and allows to connect to networks
- multiport ethernet card: adds ethernet ports
- sometimes require drivers, should always update
Cooling:
- fans
- passive cooling: heat sinks, dissipate heat by the shape of the metal conductor
- thermal paste between CPU and heat sink
- thermal pad can also be used but not as effective
- have to replace pad everytime heat sink is taken off, unlike thermal paste
- liquid cooling: water flowing to a radiator for cooling
Computer Power:
- always disconnect power source when working on a computer
- some devices store charge even after off
- never connect body to any part of an electrical system, even ground wire
- power supply converts AC current from wall socket to DC current
- convert 120V or 240V AC to 3.3V, 5V, 12V DC
- Ampere (A): number of electrons flowing through wire
- Voltage (V): pressure pushing electrons through wire
- Watt (W): W=V*A
- power supply can have a manual switch for 120/240V OR automatically switch
- +12V for PCIe adapters, hard drive motors, cooling fans
- +5V not commonly used
- +3.3V used by M.2 slots, RAM slots
- +5V SB (standby): used in hybernate mode
- -12V for integrated LAN, older serial ports, some PCI cards
- -5V for ISA adapter cards, not used much anymore
- servers can have redundant power supplies in case one fails
- can have the multiple power supplies share the load
- some power supplies are modular (can choose which wires you plug in)
MFD (Multifunction Device):
- printer, scanner, fax, network connection, phone line connection, print from web
- driver types:
- PCL (Printer Command Language): commonly used
- PostScript: used in high end printers
- some MFDs can use both
- USB-B to connect or ethernet over network, wireless or bluetooth also possible
- 802.11 ad hoc mode: no access point, direct link between wireless devices
- sharing printers:
- printer share in Windows: anyone can print by sending print jobs to your computer, stops working if computer turns off
- print server: print directly to printer, jobs are managed by printer, web-based front end or client utility
- duplex: print on both sides of paper
- configuration: which tray to choose correct paper size, resolution, greyscale, etc..
- printer security:
- user authentication: set rights and permissions
- badging: authenticate when using printer with an RFID badge
- audit logs: can see who is printing, how much, etc...
- secured prints: define a passcode, use passcode at printer
- flatbed scanner:
- may have an ADF (Automatic Document Feeder)
- can send scan to cloud, folder with SMB, email, etc...
Laser Printers:
- laser, high voltage, charged ions, powdered ink, heat, paper
- fast, high quality, very complex
- imaging drum: picks up toner and places on paper
- can be separate or combined with toner cartridge
- green drum
- fuser assembly: uses heat and pressure to melt toner onto page
- dark brown drum
- transfer belt & roller: color toner transferred to belt and then roller for printing
- colors: cyan, yellow, magenta, black
- 4 separate toner cartriges
- pickup roller: pulls each page into the printer
- if multiple pages are being picked up, pickup roller has a problem
- must be cleaned or replaced
- look like gears
- separation pad: pull just the top sheet from paper tray
- dubplexing assembly: printing on both sides of page
- printer turns over the paper without intervention
- Printing Process:
1) processing: send data to printer and put in memory
2) charging: wire/charge roller provides negative charge to photosensitive drum (cleans the drum)
3) exposing: laser writes image to photosensitive drum with positive charge
4) developing: negatively charged toner sticks to positively charged sections from laser (sticks toner to those sections)
5) transferring: transfer toner from photosensitive drum to paper
6) fusing: heat and pressure from fuser melts toner to paper
7) cleaning: removes any excess toner from photosensitive drum
* these step can occur multiple times to print one single page
Laser Printer Maintenance:
- replacing toner cartridge: message on printer screen warns when low
- toner cartridge can contain the OPC (Organic Photoconductor Drum) (usually green)
- if OPC inside toner cartridge, comes in bag that protects from light
- power down printer, remove old cartridge, replace with new one
- sometimes slide in from side, sometimes drop in from top
- laser printer maintenance kit: contains all parts that wear over a certain amount of prints
- reset page counter after replacing all the parts
- laser printer calibration: make sure color is right
- laser printer cleaning:
- water on outside, isopropyl alcohol (IPA) for rollers
- toner vacuum
- wash with cold water if toner on skin
Inkjet Printer (ink-dispersion):
- inexpensive, quiet, high resolution, expensive ink, fades, clogs
- CMYK colors: liquid cyan, magenta, yellow, key color (black)
- print head: sometimes integrated into ink cartridge
- feed rollers: feed paper into printer
- duplexing
- carriage & belt:
- ink cartridges are on carriage
- belt moves carriage back and forth for ink to drop on right spots
- inkjet calibration: align nozzels of ink cartridges to the paper
- lines should be crisp, colors should align
- calibration option in printer menu
Inkjet Maintenance:
- clogged heads don't allow color to be placed properly
- streaking is a sign
- printer usually has self cleaning option
- can clean manually as well
- toner cartridges may have to be taken out if print head is attached
- clearing paper jams:
- remove any paper from tray
- remove the jammed paper with firm pressure
- some printers have loosening options to make easier
- check for any scraps of paper left over
Thermal Printer:
- receipts are printed on these
- thermal paper: specially coted white paper
- when heated, turns black
- almost silent, paper sensitive to heat and clear tape
- not for archiving
- feed assembly: feed paper to printer
- heating element: metal bar that paper moves past
- different parts of the heating element get hot in order to create the print
Thermal Printer Maintenance:
- thermal paper: must be exactly correct size
- cleaning the heating element:
- if info is missing on print, use IPA to clean
- there are also cleaning pens with IPA (easier)
- swab gently
- cleaning cards: put through printer to clean the element
- removing debris: blow with compressed air or use damp cloth
Impact Printer (Dot-Matrix):
- print head with small matrix of pins
- presses agains ribbon with ink & makes mark on paper
- low cost, noisy, poor graphics
- print head moves back and forth over the paper to print
- printer ribbon: fabric, one long ribbon, easy to replace, proprietary size for each printer
- tractor feed: line up holes on sides of paper to the feed
- paper is one looong piece with perforations to separate into individual pieces, has holes on sides
Impact Printer Maintenance:
- print head replacement: usually modular, usually also replace ribbon
- replace paper: must be straight, the tractor feed holes must align with holes on paper
3D Printer:
- additive manufacturing: add layers of material to creat object
- filament printing:
- FDM (Fused Deposition Modeling): melt filament to print
- print a layer, move up
- large print bed
- resin printing:
- SLA (Stereolithography): smooth, fine detail
- resin is hardened using light source
- UV or laser
- layers added to bottom
- print hangs from print bed (upside down)
- object lowers into resin at bottom of printer, light source hardens resin, print moves up to drip excess resin, moves back down again
- resin is hazardous material
Cloud Computing:
- types of clouds:
- private cloud: available to individual or company
- public cloud: available to anyone on internet
- hybrid cloud: mix of private and public
- community cloud: several organizations, share cost
- IaaS (Infrastructure as a Service):
- sometimes called HaaS (Hardware as a Service)
- pay for time using the cloud computers without anyting on them
- you manage security, OS, apps, etc...
- useful if you are making a cloud service but won't be able to buy an actual cloud server hardware (expensive)
- ex: web server provides you the server space to make your own website
- SaaS (Software as a Service):
- on demand software, no local installation
- ex: office 365, google docs, gmail
- PaaS (Platform as a Service):
- middle ground between IaaS and SaaS
- ex: salesforce
*** no idea what this is
- DaaS (Desktop as a Service):
- run a remote desktop
- uses VDI (Virtual Desktop Infrastructure)
- local device is keyboard, mouse, screen
- no big memory or CPU requirements
- requires good network connectivity for fast performance
- ex: amazon workspaces (AWS)
Cloud Characteristics:
- internal cloud:
- no shared resources, build your own cloud, pay for everything upfront, no ongoing costs
- external cloud:
- share resources with public cloud, owned by third party, cost may be metered or up-front
- metered cloud services:
- cost to upload, clost to download, cost to store
- non-metered cloud services:
- ex: dropbox, google drive
- pay flat fee every month
- rapid elasticity: scale up and down as needed, seemless to everyone
- high availability: cloud usually has many redundancies
- file synchronization: sync data across 2 or more data centers for your cloud service
Virtualization:
- run multiple OSs on one host
- use legacy software easily
- hypervisor: virtual machine manager
- manages virtual platform, guest OS, host hardware (your CPU, RAM, etc...)
- may require CPU that supports virtualization
- hypervisor security:
- VM escaping: malware recognizes it's on virtual machine
- malware compromises hypervisor
- malware jumps from one guet OS to another
- if using a hosted service like AWS, someone else's guest OS being infected can potentially infect yours
- must use security
- AMD-V & Intel VT (Virtualization Technology)
- sandboxing:
- isolated testing environment for developing code without breaking anything
- snapshots allow going back easily
- network requirements:
- most client side VMs have separate internal networks
- shared network address: VM shares same IP as physical host
- bridged network address: every VM has own IP, treated as another physical device on the network
- private address: not able to communicate outside of network
How to Troubleshoot:
- change control: corporate policy, formal process for managing changes
1) Identify Problem:
- Gathering information from log files and error messages
- Questioning users
- Identifying symptoms
- Backup everything
- Determining recent changes
- Duplicating the problem
- Approaching multiple problems one at a time
- Narrowing the scope of the problem
2) Establish Theory of Probable Cause:
- Start with the obvious
- Consider everything
- List possible causes
- Research symptoms
3) Test Theory to Determine Cause:
- Changes should not be made until you are reasonably sure you have a solution that you’re ready to implement.
- This step is also part of the “information-gathering” phase.
- ex: Check if everything is plugged in properly
- if failed, restart at step 1 (identify problem)
4) Establish Plan of Action and Implement Solution:
- Some fixes require reboots or other more significant forms of downtime
- may need to download software, patches, drivers or entire operating system files before proceeding
- change management procedures may require you to test modifications to a system’s configuration in a staging environment before implementing the fix in production
- may need to document a series of complex steps, commands and scripts
- may need to back up data that might be put at risk during the recovery
- may need approval from other IT staff members before making changes
- Once you’ve completed this stage, you’re now ready to do whatever it is you believe you need to do to solve the problem. These steps may include:
- Run scripts
- Update systems or software
- Edit configuration files
- Change firewall settings
5) Verify Full System Functionality & Implement Preventive Measures
6) Document Findings
Troubleshooting Common Hardware Problems:
- POST beeps indicates something wrong with CPU, CMOS, RAM, Video, etc... Any essential component
- incorrect boot order, BIOS config wrong
- Windows Stop Error: blue screen of death (BSOD) - written to event log, may continuously startup and shutdown
- problems: bad hardware, bad drivers, bad application
- solutions: use last known good installation, system restore, rollback driver, reseat or remove hardware
- try safe mode: some drivers aren't loaded in safe mode, can allow you to narrow down the problem
- run full hardware diagnosis: provided by manufacturer (Windows/Mac), BIOS may have hardware diagnostics
- Spinning Wait Cursor (spinning ball of death): MacOSX - something is running
- wait until finished
- problems: application bug, bad hardware, etc...
- if doesn't go away, must restart system
- black screen:
- cables connected? Input correct? Brightness enough?
- Solutions: swap monitor, use VGA mode (Windows) F8
- no power: if fans still spinning, could be display issue, bad motherboard, power supply output
- sluggish performance:
- task manager check for performance problems with CPU, RAM, Disk
- try updating Windows
- turn off power saving mode
- scan for malware
- overheating:
- use monitoring software (HW Monitor) to see temperature
- clean cooling system and case
- smoke & burning:
- disconnect all power immediately
- locate bad components
- may be able to replace single part or may be whole motherboard
- intermittent shutdown:
- computer turns off all of a sudden
- check Event Viewer in Windows
- may have written log about why turned off, could be overheating, etc...
- may be hardware component failing: check device manager, run diagnostics
- could be anything
- application crashes:
- may have message that app stopped working or may just dissappear
- check Event Log
- check Reliability Monitor: breaks down each day how system is performing, separates problems into app failures, Win failures, other issues
- uninstall app and reinstall
- grinding noise: loose components, heat sink fell off, hard drive failing
- clicking: fan problem
- poping: capacitor problem (bulging at the top)
- lockups: freezing system, see what still works (ctrl alt del), update drivers and software, maybe low resources (RAM, storage)
- hardware diagnostic if nothing works
- continuous reboots: where does it reboot? BIOS problem or OS?
- F8: boot from last known working configuration OR safe mode
- disable auto restart to see errors
- bad hardware possibly
- inaccurate time/date: CMOS battery replacement
Troubleshooting Storage Devices:
- read/write failure:
- symptoms:
- "Cannot read from the source disk" error
- slow performance, constant LED activity
- clicking noise
- solutions:
- first BACKUP everything
- check for overheating
- check enough power (power supply enough)
- run hardware drive diagnostics
- boot failure:
- symptoms:
- beeps, lights, error messages
- "drive not recognized"
- "boot device not found"
- "operating system not found"
- solutions:
- check cables
- check boot sequence
- removable disks (USB)
- disabled storage interfaces
- try different SATA interfaces
- try the drive in a different computer
- data loss/corruption:
- repairs are difficult, not always possible
- HDD and SSD can fail
- SSD can sometimes be read but not written to
- RAID not found:
- missing or faulty RAID controller
- single drive in array failed, needs replacement
- RAID manager shows health of drives in RAID array
- SMART (Self Monitoring Analysis Reporting Technology:
- use third party utilities to do all the things in the acronym
- IOPS (Input/Output Operations Per Second)
- measure storage device access
- compare storage devices
- missing drives:
- check cables, BIOS, power, network shares connected
Troubleshooting Video & Display Issues:
- no signal: disconnected or select input
- dim: adjust brightness, backlight failure
- swap monitor to determine if that's the problem or not
- black screen: F8 VGA mode in Windows
- flickering/color: check cable pins
- distorted image: check OS refresh rate & resolution (match to spec), replace cable
- disable hardware acceleration to see if something is resolved
- native resolution: max resolution that a display handles
- match this in settings or use a factor of it
- burn in / image sticking:
- all monitors can get this
- image burns onto screen if left for a long time
- pixel shift:
- some displays move pixels intermittently after some time
- for LCDs (image sticking):
- display a white screen for a long time to fix
- dead pixels: only show black, manufacturing defect
- try cleaning the screen (make sure not just dirt)
- flashing/flickering screen:
- replace cable
- if not cable, replace monitor
- confirm settings
- incorrect color display:
- factory reset, custom color presets, driver config, OS config (night light)
- LCD projector:
- lamp inside (metal-halide)
- hot and bright
- 35-350$ for replacement
- let fan run when turning off projector to cool lamp
- intermittent shutdown:
- check fans, sensor will turn it off if too hot
Troubleshooting Mobile Devices:
- bad reception makes phone keep checking for signal, waste battery
- airplane mode: turns off all unnesessary signal
- check built in battery manager to see apps which use most
- swollen battery:
- build up of gas, do not open
- faulty battery, dispose of properly
- device can be damaged
- broken glass on display:
- usually have to replace glass and screen
- improper charging:
- check port and cable
- clean
- try using cable on other device
- verify power adapter
- poor or no connectivity:
- cellular: stay outside for best
- wifi: stay close to access point, interference, channel/frequency config change
- liquid damage:
- LCI (Liquid Contact Indicator):
- found inside devices, turns color when wet
- if device got wet, turn off immediately, remove all components
- put in silica gel
- let phone completely dry out, don't use it
- leave for more than a day
- overheating:
- sensors auto shutdown
- app usage util can tell you how hot it makes your phone
- digitizer issues:
- screen black, no response
- soft reset (software), hard reset (hold power), remove battery
- damaged ports:
- charging port usually need to replace entire system board
- malware:
- unusual apps, pop ups, high CPU usage, excessive battery use
- try security app
- cursor drift:
- cursor moves by itself
- needs calibrating
CompTIA A+ 220-1102
Overview of Windows
Windows 10 Home:
- integration with Microsoft account / onedrive
- Windows defender
- cortana
Windows 10 Pro:
- business version
- remote desktop host (RDP)
- BitLocker FDE (full disk encryption)
- join windows domain (connect to active directory server)
- allows company IT to manage PCs
Windows 10 Pro for Workstations:
- high end PCs
- up to 4 physical CPUs
- 6TB RAM max
- supports ReFS (Resilient File System)
- same file system as server
Windows 10 Enterprise:
- large implementations
- volume licensing
- AppLocker (company decides what apps can run)
- BranchCache (remote site file caching)
- Granular User Experience (UX) control
- define user environment, useful for kiosk
Windows 10 Hardware Requirements:
- 1GHz processor
- 32GB storage
- Microsoft DirectX 9 graphics w WDDM driver, 800x600
- x86: 1GB RAM // x64: 2GB RAM
Windows Features:
- Domain Services: centralized database containing any and all devices that connect to network
- manage all devices on an enterprise setup
- used in Active Directory
- use one single console to manage everything
- used on large scale organizational environments
- Windows Workgroups:
- like Domain Services but for home use
- manage multiple devices on a home network
- logical groups of networked devices
- each device is standalone system, all devices are peers
- Windows Domain:
- business network
- centralized authentication
- supports thousands of devices
- Remote desktop service: not available in Win 10 Home
- Win 10 Home only has remote assist capability to allow temp connection
- BitLocker & EFS (Encrypting File System):
- encrypt drive or just files
- EFS built into NTFS
- BitLocker is FDE (Full Disk Encryption)
- Group Policy Editor:
- commonly used for Active Directory managing devices on a corporate network
- local group policy: manages local device only
- gpedit.msc
- group policy management console: manages corporate devices
- gpmc.msc
- integrated with active directory
Windows Updates:
- upgrade: updating OS, keep files and apps
- in-place upgrade:
- upgrade existing OS from inside OS
- clean install:
- wipe everything, booting from installer
- can upgrade to win 10 from win 7 or 8.1 (not 8.0)
- can upgrade to win 11 from win 10
- install: start over fresh
Windows Command Line Tools:
- can run as admin if elevated permissions required
- help: gives info about commands "help chkdsk" OR "chkdsk/?"
- exit: closes cmd prompt
- copy: copy files/directories
- copy -v: verify new files are correct
- copy -y: skip y/n
- xcopy /s: coppies all subdirectories in specified directory
- robocopy: robust, just better and more options than copy or xcopy
- dir: list all files/directories in current folder
- cd or chdir: change working directory. Use \ to specify name of folder
- cd .. go up a directory
- md or mkdir:
- rd or rmdir:
- drive letters:
- C: = local storage drive normally
- can change any letter, add, etc...
- hostname: tells you name of host
- format: new filesystem to drive
- backup first! be sure
- shutdown
- shutdown /t: specify time until shutdown
- shutdown /r: restart after shutdown
- shutdown /s: just shutdown
- shutdown /a: abort shutdown countdown
- ex: "shutdown /r /t nn" nn = seconds
- diskpart:
- creat partitions, format, list, modify, delete
- list disk: shows disks
- list volumes: shows all volumes (drives with letters assigned)
- winver: shows which version of windows is running
- goup policy commands:
- gpupdate: force a group policy update
- gpupdate /target:{computer|user} /force
- gpupdate /target:user /force
- gpresult: verify policy settings for a computer or user
- gpresult /r
- use before and after updates to verify changes
Windows Network Command Line:
- ipconfig: prints DNS, DHCP, IP, subnet mask, default gateway, etc... for IPv4&6
- ipconfig /all: shows a lot more information
- ping: test reachability, round trip time
- uses ICMP (Internet Control Message Protocol)
- returns bytes sent, time for round trip, TTL, packets lost, received, sent, etc...
- netstat: network statistics
- works in many OSs
- netstat -a: show all active connections (devices i'm connected to and devices connected to me)
- netstat -b: show binaries (Windows), requires admin
- netstat -n: don't resolve names to domains, only IP addresses
- nslookup: name server lookup, query DNS
- nslookup www.youtube.com
- returns IPs associated
- net:
- view network resources:
- net view \\
- net view /workgroup:
- map a network share to a drive letter:
- net use drive: \\\
- view user account information and reset passwords:
- net user
- net user * /domain
- tracert: determine route a packet takes to a destination
- uses ICMP TTL
- TTL refers to hops, not seconds or minutes
- TTL=1 is the first router, TTL=2 is the second router, etc...
- not all devices reply with ICMP TTL
- tracert command:
- PC sends packet with TTL=1, hits first router and decreases to 0, sends back to PC with TTL error
- PC sends packet with TTL=2, hits first router and decreases to 1, sends second router which decreases to 0 and returns to PC with TTL error
- continues this process until reached destination up to 30 hops (TTL=30)
- pathping: combine ping and tracert
- Windows NT and later
- first phase runs tracert
- second phase measure round trip time and packet loss
Task Manager:
- start from Ctrl-alt-del or Ctrl-shift-esc
- tabs:
- services: apps that run in background, can right click to start/stop/restart
- startup: enable/disable startup apps
- processes: shows apps and background processes currently used, can end tasks, can sort by mem/cpu/etc...
- performance: shows historical/real-time performance of cpu,mem,disk,network
- users: see all users, manage, disconnect, see what they are doing, modify account settings
Microsoft Management Console:
- build your own console
- console with only the tools you need for your job
- mmc.exe to start
- Event Viewer: centralized logging
- Application Log
- Security Log
- Setup log
- System log
- warning types:
- warning
- error
- critical
- successful audit
- failure audit
- eventvwr.msc to start
- disk management:
- diskmgmt.msc
- task scheduler:
- config date and time to run anything
- can organize in folders
- taskschd.msc to start
- device manager:
- install drivers, manage them
- devmgmt.msc
- certificate manager:
- mange and view all certificates
- certmgr.msc
- Local Users and Groups:
- manage users and groups:
- admin: super user
- guest: very limited access
- regular: employees loggin in to their accounts
- manage their permissions
- groups: can add any group you want
- lusrmgr.msc
- performance monitor:
- perfmon.msc
- monitor over long time and store
- Group Policy Editor:
- centrally mange users and systems
- usually part of active directory
- local group policy editor: for managing local devices
- gpedit.msc
- group policy management console:
- gpmc.msc
- integrated with active directory
Additional Windows Tools:
- system information/overview:
- msinfo32.exe
- tabs:
- hardware resources:
- memory, DMA, IRQs, conflics
- components:
- multimedia, display, input, network
- software environment:
- drivers, print jobs, running tasks
- resource monitor:
- detailed stats about CPU, MEM, disk, network
- resmon.exe
- system configuration:
- manage boot processes, startup, services, etc...
- msconfig.exe
- disk cleanup:
- select categories
- cleanmgr.exe
- defrag:
- HDD
- moves pieces of files scattered all over drive and brings to one place
- improves performance a bit
- defrag C:
- regedit.exe:
- huge master database
- kernel, device drivers, services, security account manager (SAM), user interface
- backup if modifying anything! built into regedit
Control Panel:
- internet options: customize how built in browser operates in windows
- general: basic overview
- security: different access based on location
- privacy: cookies, popup blocker, private browsing
- content: certificates and auto complete
- connections: VPN and proxy settings
- programs: default browser, plugins
- advanced: detailed config options and reset
- devices and printers:
- all devices connected to PC
- can modify devices
- Programs and Features:
- modify/remove apps
- can turn windows features on/off (linux kernel)
- network sharing center:
- all network adapters
- all network configs
- system:
- see hardware on PC, winversion, etc...
- Windows Defender Firewall:
- integrated into OS
- protect from attacks, scans for malicious software
- control panel > windows firewall
- mail
- sound
- user accounts:
- config local accounts
- change password, manage certificates
- device manager:
- add/remove/modify drivers
- indexing options:
- speed up search process
- choose where Windows searches when using the search bar
- file explorer options:
- General:
- how folders/window works
- View:
- view hidden files, hide extensions
- Search:
- disable index searches, search non-indexed areas
- administrative tools:
- not commonly used tools for normal users
- very common for sysadmins
- power options:
- hibernate: save everything in memory into storage
- fast startup works the same
- sleep (standby): keeps everything in memory, keeps small amount of power running memory
- if power is low, will switch to hibernate
- power plans: can customize and config all this
- what happens when close lid
- different behaviour for being plugged in or not
- ease of access center:
- usability enhancements
- change display, keyboard, mouse, input, output, use without display, etc...
Windows Settings:
- settings app
- time and language
- update and security
- personalization
- apps: add/remove
- privacy: advertising, tracking, speech recognition
- system: display, audio, notifications
- devices: anything attached to PC
- network and internet: config network
- xbox game bar: gaming network
- accounts: config accounts
Windows Network Technologies:
- shared resources:
- assign/map drive letter associated with a share
- in file explorer click "map network drive"
- for print sharing, can do in printer properties under sharing tab
- can share printer, storage, etc...
- specify file server, name the share
- $ makes share hidden
- administrative tools/computer management to configure
- proxy settings:
- settings > Network and internet OR Control Panel > Internet options > Connections > LAN settings
- network locations:
- private: PC will be available to other devices
- public: PC will not be available
- can modify these properties
- network paths:
- click on a share and disconnect
- metered connections:
- limit data usage
Configuring Windows Defender Firewall:
- config public/private settings
- config which ports have access
- config network rules for apps
Windows IP Address Configuration:
- control panel > network and sharing center > change adapter settings > properties
- assign DHCP alternate config, etc...
Windows Network Connections:
- network and sharing center
- connect to internet, setup new network, connect to workplace
- direct, VPN, dialup
- built in VPN client: specify name and address of VPN concentrator
- smart card MFA
- config new wireless network
MacOS Overview
file types:
- .dmg: used to distribute software (like a CD), apple disk image, mountable as drive in finder
- has all files necessary to install an app
- .pkg: similar to .exe, runs installer script
- installer package
- .app: application bundle, contains all files for app
- after app installed, all will be inside .app file
app store:
- centralized updates/patches for OS and apps
uninstallation process:
- delete .app file
- some apps have an uninstaller.app file required to remove app
Apple ID:
- personal, sync to iCould
- Apple Business Manager:
- Apple IDs for employees
- integrate Active Directory, MDM
Time Machine:
- backs up all files to separate storage
- hourly, daily, weekly, monthly backups
- deletes oldest backups when no more space on drive
Anti-Virus:
- no default anti-virus
- update 3rd party anti-virus every hour/day
MacOS System Preferences:
- manage all setings/preferences
Mission Control:
- (Ctrl up arrow / 3 finger swipe up)
- spread out all apps accross screen
- create multiple desktops (spaces)
- Keychain: keeps passwords, notes, certificates
- just like KeePass
- can allow separate apps to access Keychain
- everything is encrypted in Keychain w login password
Spotlight:
- Cmd+Space
- find files/apps/images, etc...
- can customize what is indexed by Spotlight in system preferences
iCloud:
- sync any Apple device data
- iCloud drive: file sharing feature for using between different OSs
- just like Google Drive / Dropbox
- can be accessed by any OS
Gestures: trackpad gestures
Finder: file manager
Remote Disk:
- use optical drive from another computer
- designed for copying files
- doesn't work with audio CDs or video DVDs
- setup CD/DVD sharing in system preferences
FileVault:
- full disk encryption
- decryption uses local key / iCloud authentication
- MacOS won't start until authenticated
Force Quit:
- Cmd+Opt+Esc OR right click app in dock
- shows apps that you can force quit
Linux Commands
- | more:
- ex: ls -l | more
- allows you to see full output one page/line at a time
- q or Ctrl-c to exit
- chmod:
- rwx (read, write, execute)
- 8 permission types (0 = no permission): https://tinyurl.com/4fyvcce6
- calculating permission numbers: https://danielmiessler.com/images/permissions-1.png
- binary, x in 1 column, w in 2 column, r in 3 column
- can also use letters: a-w = remove write permissions from all
- u+x = add execution permissions to user
- user, group, others
- 777 = user, group, others can all read, write, execute
- chown:
- change file owner and group
- sudo chown [OWNER:GROUP] file
- ex: sudo chown dax script.sh
- yum (Yellowdog Updater Modified):
- manages RPM packages (Red Hat Package Manager)
- ip:
- ip address: view interface addresses
- lo (loopback address)
- enp (ethernet adapter)
- ip route: view IP routing table
- sudo ip address add [IPADDRESS/SUBNETMASK] dev [DEVICE/ADAPTER]
- ex: sudo ip address add 192.168.121.241/24 dev eth0
- df (disk free):
- default to space available in 1K blocks
- df -h (human readable sizes)
- grep:
- find text in a file
- grep PATTERN [FILE]
- ex: grep poop peepee.txt
- ps (process):
- view user processes
- ps -e: view all processes
- useful tip: ps -e | more
- top:
- view CPU, RAM, resource usage by most consumptive
- similar to task manager for Windows
- view by most consumptive in last minute, 5 min, 15 min
- many different options
- find:
- find file by name or extension
- find [DIRECTORY] -name ["FILE"]
- ex: find . -name "*.txt"
- finds all .txt files in current directory
- ex: find /dax -name ".vimrc"
- dig:
- lookup DNS info
- canonical names, IPs, cache timers, etc...
- ex: dig www.professormesser.com
- cat (concatenate):
- combine files together into one file
- cat file1.txt file2.txt > both.txt
- can also use to just print out files on screen
- cat file1.txt file2.txt
Linux Features
backups:
- tar (Tape Archive): script backup schedule
- rsync: sync files between devices instantly/scheduled
anti-virus:
- always update signature database
- always use real-time scanning
- Clam antivirus: open source antivirus engine
Samba:
- add SMB to Linux
- file/print sharing, active directory
- integrate Linux into Windows systems
Physical Security
Access control vestibule:
- small room with controlled access to data center
- one at a time controlled groups
- 3 options:
1) all doors normally unlocked
- opening one door locks others
2) all doors normally locked
- badge/PIN to unlock
- unlocking one door prevents others from being unlocked
3) one door open / other locked
- when one is open, others cannot be unlocked
CCTV (Closed Circuit Television) surveillance:
- identify faces, license plates
- recorded by motion detection OR 24/7
alarm systems:
- circuit-based: door/window opened on perimeter
- motion detector
- duress: triggered by person pressing button/pulling alarm
equipment locks: data center racks have locks with key
access list: list of who is allowed to be in building
- wearing ID badge may be necessary
barricades/bollards
Physical Security for Staff
key fobs (RFID)
smart card: certificate based
key cabinet: all keys in cabinet, may require leaving personal item for collateral
biometrics
lighting: useful for cameras
magnetometer: passive scanning for metal objects
MDM: company manages all their data on your device, can delete/add apps, etc...
Logical Security
least privilege:
- rights and permissions set to bare minimum for what each employee needs
- all user applications run with minimal privileges
ACL (Access Control List):
- allow/deny traffic on network OR object on OS
- used for NAT (Network Address Translation) & QoS
- ACLs use source IP, dest IP, TCP/UDP ports, ICMP, etc... to allow/deny
- ufw on linux is an example: can deny port 23 and can deny access to files
Multi-factor authentication:
- 5 factors possible for authentication:
- something you are, have, know, do, somewhere you are
- separate hardware tokens
- sofware tokens: authenticator applications
- pseudo-random number generator
- changes constantly, can't guess
- saves money compared to hardware authentication
- SMS text OR voice call MFA:
- not very secure, can be intercepted, spoof source, reassign phone number
- email filtering:
- filter from email gateway (firewall/DMZ)
- scan and block malicious software
Active Directory
- foundation of most corporate networks
- database of everything configured: printers, users, groups, DNS, etc...
- manage authentiacation for users with their AD credentials
- centralizes access control: determine which users access which resources
- commonly used in help desk: add/remove accounts, reset passwords, etc...
- Windows Domain Server: has everything on corporate network, accessed by Active Directory
- used when troubleshooting user and device related config on the corporate network
- OU (Organizational Units):
- organize how everyone/thing is grouped (by department, buildings, etc...)
- apply policies to OU groups
- login scripts: when someone logs in, script runs to setup what they will need
- associate script with a Group Policy Object (GPO)
- User Configuration > Policies > Windows Settings > Scripts
- ex: Building-A OU has all users there, script to startup printer closest to user on sign in
- Group Policy/Updates:
- manage computers/users with Group Policy Management Editor
- central console to manage login scripts, network config (QoS), security
- some updates can be applied without user loggin out
- gpupdate utility: > gpupdate /force
- Home Folder:
- assign user home folder to network folder
- manage/backup files from network
- avoid storing files on local computer
- Server Manager > Tools > OU > Users > Profile - select Home Folder, select Connect, choose drive, specify network share folder
- folder redirection: redirect folders to home folder to force network share
- User Config > Policies > Windows Settings > Folder Redirection
- Offline Files: feature to use files offline but will be updated on network share when reconnected
- Tools > Group Policy > OU > right click new GPO > edit > User Config > Policies > Win Settings > Folder Redirec
- Security Groups:
- assign permissions to specific groups of users
Wireless Encryption
authenticate to gain access, encrypt traffic, MIC (message integrity check)
encryption:
- WPA2 (Wifi Protected Access):
- CCMP block cipher mode
- Counter Mode Cipher Block Chaining Message Authentication Protocol, or Counter/CBC-MAC Protocol
- AES encryption
- MIC (message integrity check) with CBC-MAC
- PSK (Pre-Shared Keys) brute-force problem:
- shared password to log into network
- listen to 4-way handshake
- can capture hash to determine PSK
- WPA3:
- GCMP block cipher mode
- Galois/Counter Mode Protocol
- stronger than WPA2
- AES encryption
- MIC (message integrity check) with GMAC (Galois Message Authentication Code)
- SAE (Simultaneous Authentication of Equals):
- changes PSK auth process
- creates shared session keys without sending accross network (no handshake/hashes)
- uses Diffie-Hellman method of key exchanges
- 2 devices derive a shared key without sending it over network
- everyone uses different session key, but same PSK
- AKA the Dragonfly Handshake
- WPA/2/3 personal:
- uses 256-bit PSK, normal home router
- WPA/2/3 enterprise:
- each user has their own uname/pswd
- separate authentication server (RADIUS server)
Authentication Methods
sign in process:
- send username and password to site firewall/VPN concentrator/Access Point
- firewall sends to authentication server
- if you are authenticated, server sends back to firewall and approves your entry
- this unit is about authentication server protocols
RADIUS (Remote Authentication Dial-In User Service):
- common AAA (Authentication, Authorization, Accounting) protocol
- Authenticates users
- usually used in RADIUS servers
TACACS (Terminal Access Controller Access-Control System):
- remote authentication protocol
- created for ARPANET
- TACACS+ latest version
- CISCO devices use commonly
Kerberos:
- network authentication protocol for Windows Domain
- SSO Singal Sign On (don't need to re-authenticate mult times per day)
- user provided with cryptographic ticket after sign in
- user shows ticket to any device requiring authentication on network
- very convenient, no need to sign in everytime to access network printer/share
- mutual authentication: protect against on-path or replay attacks
Malware
trojan horse:
- malware that pretends to be something else
rootkit
- originally used in UNIX
- not common anymore
- embedded in kernel
- hard to ID and get rid of
- antivirus may not see it
- 3rd party rootkit removers for specific ones
- UEFI confirms nothing changed, hard to make a rootkit now
viruses
- malware that can replicate itself
- requires human intervention (clicking something)
- boot sector virus:
- boot loader modified to run malware
- before OS is loaded, antivirus cannot stop it
- UEFI stops this mostly, like rootkits
spyware
- common to be installed as a trojan horse
- fake security software
- can be invisible like a keylogger or can prompt you to log in to something
ransomware
- encrypts all data on computer
- can delete everything on computer or pay ransome
keylogger
- record all keystrokes and send to attacker
- circumvents all encryption
cryptominers
- botnet: uses multiple computers to mine crypto
Anti-Malware Tools
Windows Recovery Environment:
- before starting OS
- very powerful but can delete important files, last resort
- can enable/disable services, copy/modify files, etc...
- boot into Windows Recovery:
- hold shift while you restart PC
- boot into bootable Windows USB
- Win 10: Settings > Update & Security > Recovery > Advanced startup
- Win 11: System > Recovery > Advanced startup > Restart now
- once inside:
- choose troubleshoot
- choose advanced options
- choose command prompt
Anti-virus & Anti-Malware:
- need both, often come together
- need real time scanning, not only on-demand
- on-demand scans allow viruses/malware to get on system (only works when you tell it to)
- real time scans can stop software as it's being downloaded
Software Firewalls:
- monitor inbound/outbound network traffic to prevent malware
- Microsoft Defender Firewall: default on Windows
Anti-phishing training: train employees on best practices, set up fake phishing attacks and educate them
OS Reinstallation:
- the only way to guarantee malware removal
- can restore from known good backup (fast)
- can manual install (slowest)
- can image the system (fastest)
- user's data files are on network share
- recover from prebuilt image
Social Engineering
phishing: social engineering spoofing
- fake web login portal
vishing: voice phishing
- over phone/voicemail
- caller ID may be spoofed
- fake security check / bank update
shoulder surfing:
- use privacy filter on LCD
spear phishing:
- targetted attack on someone with lots of information
whaling:
- targetted attack on CEO level
tailgating/piggybacking:
- tailgating: person who opens door may not know you came in behind without authentication
- piggybacking: convincing someone to let you in (sometimes behind them)
impersonation
dumpster diving
wireless evil twin:
- wireless phishing
- config access point to look like existing network
- same SSID
- looks legit but malicious
- if the access point has enough power, it will appear at the top of the suggested APs
- especially useful for open hotspots (coffee shops, etc...)
- Use VPN to prevent giving info
Denial of Service
attacker forces service to fail
- found design flaw / vulnerability
- unintentional DoS: ex: causing a power surge that trips a breaker
DDoS:
- Distributed, botnet controlling DoS attack
Zero-Day Attacks:
- Common Vulnerabilities and Exposures (CVE) cve.mitre.org
On-Path / Man in the Middle Attacks:
ARP (Address Resolution Protocol) poisoning/poofing:
- the ARP protocol resolves an IP address to a MAC address
- device sends a query to all devices on local network, asking which router has the IP "192.168.x.x"
- device with IP "192.168.x.x" sends back it's MAC address
- ARP has no security
- an attacker can just send their own MAC address to the querying device so that all info goes to them
- attacker sends MAC to querying device to receive everything and repeats this attack on the router, to send the data to the internet
- attacker just sits in between, receiving all the info and sending it off to the router
- must gain access to network and be on same IP subnet of 2 devices to intercept
On-Path Browser attack:
- capture all info in the browser (before it's even encrypted)
- must install malware on victim's physical device
- attacker can sign in on your device and use your credentials to do whatever they want
Password Attacks
plaintext/unencrypted passwords:
- some apps store passwords in the clear
- not common
- never do this
hashing a password:
- message digest/fingerprint: takes password and creates a fixed-length string of text
- every input creates a different fingerprint
- collision: when two passwords have the same hash
- one way: impossible to recover original message from digest
- SHA-256: any password makes a 256 character long string of text
- brute force: try to match a word to the hash
- lockouts on accounts try to prevent this
- attackers test passwords against hash offline to prevent lockouts
- dictionary attacks: using list of real words to crack hash, can include substitutions, etc...
- only works for passwords that use real words
Insider Threats: people inside company, hackers can recruit people inside a company for info/data
- always have backups of data & good security
SQL Injection:
- maipulate database to access information
- 1=1 can give you everything in SQL database
- code injection can occur with HTML, SQL, XML, LDAP, etc...
- bad programming causes this
Cross-Site Scripting (XSS)
information from one site being shared with another
malware that uses JavaScript
entering sensitive info on one site while under attack by XSS will give attacker access to that info
causes:
- browser vulnerabilities
- software running in browser
non-persistent (reflected) XSS attack:
- anything with embedded javascript (link, text box, etc...) can start to run a script
- acquiring session ID for a site the victim is logged into
- able to access your account from their browser
persistent (stored) XSS attack:
- attacker posts message on social media with malicious payload
- no specific target (all viewers get infected)
preventing XSS attacks:
- be careful clicking, disable JS, keep browser updated, validate input as a developer
Security Vulnerabilities
non cmpliant systems:
- SOE (Standard Operating Environment):
- set of tested/approved hardware/software systems
- often standardized OS image
- devices attempting to log in to corporate network may receive a message "your system is non-compliant"
- need to update everything, antivirus signatures included
- protecting against non-compliant systems:
- apply policies to prevent non-compliant software
- monitor network for app traffic
- perform periodic scans
unpatched systems:
- Microsoft patch Tuesday: second Tuesday of every month @ 10am PST
- describe vulnerabilities found in last month
- all organizations try to patch before anyone can take advantage
- at home, just update your PC
unprotected systems:
- some troubleshooting may make system less secure
- disable firewall, disable antivirus to verify problems
product support lifetime:
- EOL (End of Life):
- manufacturer stops selling OS
- may still update
- EOSL (End of Service Life):
- support no longer available
- no ongoing security patches or updates
Microsoft Defender Antivirus
- downloads and executing apps are examined by Defender
- uses signatures to verify if something is malware
- always update!
- Windows Security app > virus & threat protection settings > Manage settings > Real-time protection
- can disable real-time protection for troubleshooting
Windows Defender Firewall
- disable from Windows Security OR Control Panel for troubleshooting
- can disable all connections to network
- firewall exceptions: block/allow port#s, block/allow apps connecting to network
Windows Security Settings:
- Loging into Windows accounts:
- Microsoft accounts
- Windows Domain accounts
- local accounts:
- located in local users & groups
- SSO (Single Sign On)
- NTFS permissions apply from local and network connections
- each NTFS folder can permit or deny users/groups (change in folder properties)
- share restrictinos are separate for when shared over network
- most restrictive permission wins (NTFS vs Share)
- folder/file uses permissions assigned to its parent
- explicit permissions:
- set default permissions for a share
- inherited permissions:
- propagated from the parent object to the child object
- administrator permissions: right click and run as admin
- UAC (User Account Control): limit software access
- standard users: use network, change password, etc...
- administrators: install apps, config RDP, etc...
- BitLocker: encrypts everything on drive
- BitLocker To Go: encrypts USBs
- EFS (Encrypting File System):
- built into NTFS
- encrypt at the file system level, not the OS, just all the files
- your user password unlocks
- admin resets will cause EFS files to be inaccessible
Security Best Practices
FDE (Full Disk Encryption):
- encrypting data at rest
filesystem encryption
- ex: EFS
USB encryption
decryption key backups:
- if lost, may not be able to gain access
passwords:
- 8 characters or longer is strong
- increased entropy is good (no single words, mix characters)
- passwords should expire every 30-90 days
- system remembers passwords so you can't reuse them
- critical systems should reset passwords every 7-15 days
- change default network passwords
- add BIOS/UEFI passwords
- user password: prevent booting
- supervisor/administrator: prevent BIOS changes
- locking the desktop:
- failed password attempt # to lock out account / reboot
- prevents online brute force attacks
- auto lock after inactivity/screensaver
PII (Personally Identifiable Information):
- name, address, etc...
- use privacy filters
Account Management:
- assign rights based on groups (least priviledge)
- login time restrictions
- certain people only have access at certain times
- disable any accounts not used/necessary, remove guest accounts
- change default usernames & passwords
AutoRun & AutoPlay:
- on older systems, AutoRun automatically starts removable drive
- disable autoplay in modern Windows --> Settings > Bluetooth & devices > AutoPlay
Filesystems:
FAT (File Allocation Table):
FAT32:
- 2TB max volume
- 4GB max file size
exFAT:
- larger files than FAT32
- supported on all OSs
NTFS (NT File System):
- features: quotas, file compression, encryption, large file support, security, recoverability
- Windows uses NTFS, some other OSs can read/write
ext3 (Extended File System):
ext4:
- Linux OS
APFS (Apple File System):
- MacOS, iOS, iPadOS
- encryption, snapshots, increased data integrity
- optimized for SSD
PXE (Preboot eXecution Environment):
- used to install OSs remotely to 100s of computers in enterprise
- installation files on network
GPT (GUID Globally Unique Identifier)
- latest partition format standard
- requires UEFI
- up to 128 partitions
- 9B TB max size
MBR (Master Boot Record):
- 2TB partition max
- 2 types of partitions:
- primary:
- bootable partitions
- 4 primary max
- mark one as active for OS
- extended:
- allows to create more partitions but none are bootable
Mobile Device Security
iOS deletes everything on device after 10 failed attempts at password
Android asks for google credentials and deletes everything if not provided
iOS can locate and remote erase everything on device
full disk encryption of phone
- iOS 8 and later are encrypted by default with your passcode
- Android 5 and later has same capability
Android more likely to be infected
apps in phone run in sandbox
Data Destruction
useful when companies upgrade PCs
methods:
- shredder: shreds hard drive or any other storage device
- drill/hammer
- electromagnetic degaussing: remove magnetic field
- incineration
certificate of destruction: 3rd party companies for destroying drives
disk formatting:
- low level formatting: provided at factory
- standard/quick formatting:
- setup filesystem, install boot sector
- clear master file table but not data
- data can be recovered
- standard/regular formatting:
- overwrites every sector with 0s
- default for Win Vista and later
- can't recover data
erasing data:
- Sdelete: secure delete, ensures files are completely deleted
- DBAN (Darik's Boot and Nuke): removes all data on a drive
Securing a SOHO Network
change default username and password: usually admin admin
firmware updates: bug fixes, security patches, new features
content filtering: allow/deny website IPs
DHCP reservations: assigning static IPs to each workstation by MAC address
static WAN IP:
- ISPs dynamically allocate WAN addresses for your SOHO router
- may be easier to manage if static:
- coordinate with ISP
- configure static IP & Subnet mask
- sometimes ISP charges for this
UPnP (Universal Plug and Play):
- AKA: Zero-configuration
- router auto configures itself and finds other network devices
- apps on internal network can open inbound ports using UPnP
- no approval needed
- used for P2P apps
- security risk because firewall is circumvented
- better to use a Screened subnet / DMZ as a substitute
Screened Subnet / DMZ (Demilitarized Zone)
- section of network attached to firewall but not attached to internal network
- good to put things that need to be access by internet without access to your own network
- making a website/sharing a torrent, etc... use a DMZ/Screened Subnet to store those files
SSID (Service Set Identifier) Management:
- don't use name of device for SSID
- can disable SSID broadcast
- not a security feature, wireshark can find SSID easily
Encryption:
- open system: cafes, stores, etc...
- WPA/2/3-Personal / WPA/2/3-PSK: everyone uses same 256 bit key
- WPA/2/3-Enterprise / WPA/2/3-802.1x: auth individual users w diff keys
Gues Network:
- very similar to DMZ/Screened Subnet
- separate subnet that can access internet but not your internal network
- normally enabled by default
- useful for guests, IoT, lab networks, etc...
- enable WPA2/3
Disabling Ports:
- ports not in use should be disabled, they can be vulnerable
- NAC (Network Access Control):
- 802.11x controls
- can't communicate unless authenticated, EVEN if someone gains access to open ports
Port Forwarding:
- external/public IP/port# maps to an internal/private IP/port#
- AKA: Destination/Static NAT (Network Address Translation)
- 24/7 access to service hosted internally (web server, gaming server, security system)
Browser Security:
- extensions can be malware
- validate hashes for downloads (SHA-256SUM)
- password manager/vault: randomized passwords saved in hashes
- enable pop-up blocker (some exceptions depending on website)
- clear data
- private browsing mode:
- privacy, good for troubleshooting, no history, no cache
- browser data sync
- ad block
Troubleshooting Windows:
- Windows Stop Error / BSOD
- bad hardware, bad driver, bad app
- use last known good system restore or rollback driver
- try Safe mode to troubleshoot
- reseat hardware
- run hardware diagnostics
- BIOS may have integrated
- sluggish performance
- check task manager & performance tab
- Win update
- check disk space & defrag
- power saving mode
- overheating
- check for virus/malware
- boot errors:
- "operating system not found"/"missing operating system":
- dual booting can cause this if bootloader not configured properly
- check that the drives are connected
- Windows Startup Repair:
- Missing NTLDR (main Windows boot loader is missing)
- Settings > System > Recovery OR Advanced Boot Options
- run startup repair or replace manually and reboot
- manually config BCD
- boot to Safe Mode
- disconnect removable media
- modify Windows Boot Configuration Database (BCD):
- formerly boot.ini
- recovery console: bootrec /rebuildbcd
- windows is starting:
- device not starting: check device manager and event viewer
- often bad driver, remove and replace
- "one or more services failed to start":
- try starting manually
- check account permissions
- confirm service dependencies
- check system files (Win service)
- reinstall app (App service)
- application crashing:
- may provide error message or just dissapear
- check event log
- check reliability monitor (see history of app performance)
- reinstall the latest version of the app
- low memory warnings:
- "your computer is low on memory"
- close large memory processes
- check task manager
- enable/increase Virtual memory
- System > About > Advanced system settings > Performance > Settings > Virtual memory
- USB controller resource warnings:
- "USB controller does not have enough resources for this device"
- USB devices contain buffers called "endpoints"
- diff USB controllers support diff num endpoints
- move USB to diff interface, some USB 2/3 interfaces support more endpoints
- match USB to interface (USB 2.0 to the 2.0 port)
- system instability:
- general system failures: software hangs, app failures, etc...
- run full diagnostic
- run storage/memory check
- run SFC (System File Checker)
- anti-virus scans
- slow profile load:
- profile takes too long to load
- for active directory setups, could be problem with domain controller (DC)
- workstation may be choosing a remote domain controller
- use local domain controller
- time drift:
- normal to drift over time
- uses outside resources to keep proper date/time
Troubleshooting Solutions:
- reboot before anything
- bug in router software
- app using too many resources
- memory leak consuming all RAM
- restart services:
- apps that run in background with no interaction
- view in task manager > services tab
- stop, restart, modify
- uninstall/reinstall/repairing/reset apps:
- Settings > Apps > Apps & features
- Control Panel > Programs & Features
- repair: install missing files, replace corrupt files, etc...
- reset: remove all app data, factory reset app
- verify minimum system requirements for running app if not working well
- System Information app shows all info of your PC
- core operating system file problems:
- System File Checker (SFC):
- scans all imortant system files
- use this if you know your system was infected with malware
- Windows Restore:
- System > About > System Protection
- restore windows to a previous restore point
- only changes windows configuration, not personal files
- Windows Reset:
- manually reinstall OS
- Win 10: Settings > Update & Security > Recovery
- Win 11: Settings > System > Recovery
- update & patch:
- Windows Update automatically updates
- can manage/change active hours, metered connections, etc...
- only updates OS, need to download updates for apps separately
- rollback updates:
- see all update history
- Win 10: Settings > Update & Security > Windows Update
- Win 11: Settings > Windows Update
- can uninstall specific updates
- rebuild Windows profiles on Active Directory:
- delete bad profile that is corrupted
- login with domain admin rights
- rename \User\name folder to save important files
- backup user's registry
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
- right clock / Export
- delete after backing up
- login with the user account and Win will see no existing profile
- Win will recreate profile
- Domain Admin can copy any backed up files needed
- do not copy entire profile, may have malware
Troubleshooting Security Issues:
- malware can cause:
- slow performance, internet connectivity issues, OS update failures
- renamed system files, files disappearing, file permissions changed, acces denied
- malware removal tool to recover what you need
- best practice is to reinstall OS
- desktop alerts: browser push notifications can be malware
- perform malware scan
- fake antivirus messages are common
- invalid website certificates:
- may be expired or from a different domain
- check your date/time
- click the lock icon on the HTTPS icon
- browser redirection:
- instead of google, browser goes somewhere else
- gives you more adware/malware
- best practice is to reset operating system
Removing Malware:
- best practice is to reinstall OS or known good backup
- remove malware only to access and save important files
1) verify malware symptoms: odd errors, performance issues
2) disconnect from network: contain problem, isolate everything, don't transfer files
- any files can be infected, USBs can be infected
3) disable system restore: malware infects restore points as well! Disable system protection
- delete all restore points
4a) remediate: update anti-virus, manual updates are useless always auto update
- malware may prevent updating signatures for anti-virus
- copy from another computer with a USB drive (then quarantine it)
4b) scan and remove: let anti-virus scan and remove anything it can
- may have to use stand alone 3rd party malware removal tool for specific malware
- no way to know if malware is really gone
- boot in Safe Mode if not able to get the files normally (worth a try)
- boot in WinPE (PreInstallation environment):
- bootable USB provides you with recovery console
- build your own from Win Assessment and Development Kit (ADK)
- also allows repair of boot sectors if they were also infected
5) schedule scans and run updates: built into anti-virus
- task scheduler: run any task
- enable auto update
6) enable system protection:
- turn on system protection
7) educate the end user:
- one on one training
- poster/sign
- message board
- intranet page
Troubleshooting Mobile Devices:
- restart phone
- stop/start apps
- force stop aps
- update apps
- delete and reinstall app
- make sure you have enough storage
- try diff network connection for updates if not working
- battery life issues:
- bad reception, constantly trying to connect
- aging battery
- disable unnecesary wireless 802.11x, bluetooth, GPS
- check battery usage app
- random reboots:
- not many hardware checks
- crash logs
- connectivity issues:
- move closer to AP, try different AP
- if no connection: check Wifi/Bluetooth settings, try hard reset
- NFC not working: restart device, remove credit card and add again for payment
- airdrop needs to be 30 feet or closer, make user you are discoverable
Troubleshooting Mobile Device Security:
- avoid sideloading (installing apps from a non trusted source)
- developer mode: for iOS use Xcode in MacOS, Android about phone tap build number 7 times
- root/jailbreaking: replacing firmware on device
- application spoofing: infected apps (trojan horses)
- high network traffic: malware, check data reports, run malware scan
- Android can limit and warn about high data usage, iOS cannot
Ticketing Systems:
- document, assign, resolve, report
- triage: ranking priority of problems
- information gathering: user information and problem description
- categorization (network, OS, etc...)
- assign severity
- determine if escalation is required
- if using Active Directory, can query to auto populate info of user
- always confirm info with actual person
- description field has most information, will be added to constantly
- change request: when a change to system is needed
- hardware request: require hardware
- progress notes: important for other people to read and see how something was resolved
- problem resolution: document everything
Asset Management:
- list of all assets: routers, servers, switches, etc...
- useful when something goes wrong with a device, have all the information about it
- useful for financial records
- some companies add a sticker with a barcode on it to identify it
- procurement life cycle: purchasing process has multiple steps
- budgeting, purchasing, supervisor agreement, legal team finalization, invoice & payment
Document Types:
- AUP (Acceptable Use Policies):
- who can use which assets and how to use assets
- useful in case someone misuses asset and is fired based on that
- Network Topology diagram:
- like a map of all the network devices
- useful for finding devices or troubleshooting
- compliance:
- meeting laws, policies and regulations
- splash screens:
- message informing user about proper use
- does not go away until user agrees to it
- may be required for legal or admin purposes
- incident reports:
- if a device is breached, etc...
- standard operating procedures:
- when to maintain things and how to inform everyone, etc...
- on-boarding:
- process of hiring someone new
- signing agreements, creating accounts, etc...
- off-boarding:
- process to follow when someone leaves organization
- return all hardware, deactivate user accounts, etc...
- knowledge base and articles:
- external sources: internet communities
- internal sources: find solution quickly
Change Management:
- one of the most common risks if there is no process
- every company should have their own change management system
- rollback plan: how to go back to previous configuration if change doesn't work
- always have backups
- sandbox testing: environment without ability to affect real system, can confirm rollback plan
- everyone is responsible for change management
- normal steps for change management:
- complete request forms
- determine purpose of change
- identify scope of change
- schedule change
- determine affected systems
- analyze risk of change
- get user acceptance after change
Managing Backups:
- full backup: backup everything
- high backup time & low restore time
- differential backup:
- first backup backs up everything
- each subsequent backup only contains data that was changed since last full backup
- full backup + differential backup = all data
- moderate backup time & moderate restore time
- incremental backup:
- first backup backs up everything
- each subsequent backup only contains data that was changed since last incremental backup
- basically every day has another separate backup until there is another full backup
- full backup + each incremental backup = all data
- low backup time & high restore time
- synthetic backup:
- same as incremental backup but combines all incremental and full backup into one without actually physically doing it
- low backup time & low restore time
- backup testing:
- simulate disaster to verify everything works
- onsite vs offsite backups:
- onsite: no internet required, less expensive, immediately available
- offsite: need internet, data available after disaster, restoration from anywhere
- GFS (Grandfather-Father-Son) strategy:
- 3 separate backup rotations: monthly, weekly, daily
- 12 monthly grandfather backups
- 4 weekly father backups
- 31 daily son backups
- 3-2-1 backup strategy:
- 3 copies of data at all times
- 2 different types of media
- 1 copy of data kept offsite
Managing Electrostatic Discharge (ESD):
- keeping humidity around 60%
- self ground: touching metal chassis
- wear anti-static strap:
- anti-static mat, bag, pad
Battery Backups:
- UPS (Uninterrupted Power Supply):
- Standby UPS: connected to main power, auto switch when lose power
- Line-interactive UPS: connected to main power, connected to main battery, faster transition
- On-line UPS: always online, connected to PC/server
- Surge suppressors:
- 200 joules of surge absorption is okay, 400 better, 600 ideal
- lower voltage through in case of spike is better
Privacy, Licensing and Policies
- chain of custody: collecting evidence
- use hashes for digital evidence: ensure nothing changes
- label and catelog everything
- sign with digital signature
- copy of storage drives: bit for bit copy
- use hardware write blocker
- use hash
- documentation:
- summary of event
- how data was acquired
- analysis of data
- conclusion
- EULA (End User Licensing Agreement):
- agreeing to all the crap for an app
- regulating credit card data:
- PCI DSS (Payment Card Industry Data Security Standard)
- standards for protecting them
- 6 control objectives:
1) build and maintain secure network systems
2) protect cardholder data
3) maintain vulnerability management program
4) implement strong access control measures
5) regularly monitor and test networks
6) maintain information security policy
- PII (Personally Identifiable Information)
- GDPR (General Data Protection Regulation):
- EU law allows you to delete all data you have uploaded
- PHI (Protected Health Information):
- HIPPA (Health Insurance Portability and Accountability act)
- data retention requirements:
- some companies may have requirement to keep all info for a certain amount of time
Scripting Languages
- Batch Files: default Windows
- .bat files
- Powershell: better version of CMD for Windows
- .ps1 files
- Visual Basic Scripting: app scripting for Windows
- .vbs files
- Shell script:
- #! is shell script
- .sh files
- JavaScript: web scripting
- .js files
- Python: runs accross many different OSs
- .py files
Remote Access:
- RDP (Remote Desktop Protocol):
- Windows
- tcp/3389
- VNC (Virtual Network Computing):
- RFB (Remote Frame Buffer) protocol
- many open source
- works on all OSs
- VPN (Virtual Private Network):
- concentrator manages everyone who uses this virtual network
- on Linux, can make your own VPN with cryptographic hardware & software only options
- authentication important, security is high, can't be hacked really
- SSH (Secure Shell):
- access server remotely
- can limit to certain MAC addresses only
- RMM (Remote Monitoring and Management):
- manage systems remotely
- MSP (Managed Service Providers):
- many customers and systems to monitor
- access should be limited
- MSRA (Microsoft Remote Assistance):
- AKA Quick Assist in Win11
- no firewall config, no port forwarding
- "invite someone you trust" in the app
- TeamViewer:
- remote 3rd party
inplace upgrade: from inside the OS, regular upgrade (Win 10 upgrade checker / PC health check for Win11)
sidecar: iPadOS supports using as second monitor
external hardware token: USB has to be plugged in to run application
FAT32 max file size = 4GB
.vbs VBScript Microsoft visual basic scripting edition " allows Microsoft Windows system administrators to generate powerful tools for managing computers without error handling and with subroutines"